[apparmor] Provide public function to split confinement contexts

Tyler Hicks tyhicks at canonical.com
Mon Apr 13 21:56:26 UTC 2015


The libapparmor aa_getcon(2) family of functions retrieves a confinement
context from the kernel and splits it up into separate label and mode strings.
The logic for splitting a confinement context has always been internal to
libapparmor. However, there is now a need to make the splitting functionality
available to external programs.

D-Bus programs that need to retrieve a peer's label and/or mode must use the
org.freedesktop.DBus.GetConnectionCredentials bus method which returns a
confinement context string that the bus retrieved with a call to getsockopt(2).
Programs then must split the confinement context in order to use the individual
label and/or mode strings.

This patch set implements a new libapparmor public function, called
aa_splitcon(3), which allows external programs to split confinement context
strings.

https://launchpad.net/bugs/1430532

Tyler
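
As an added example (not code from this post or from libapparmor), the following C splitter does what the cover letter describes aa_splitcon(3) doing: it takes a confinement context string and separates it into a label and an optional mode. It assumes the kernel's layout of a label optionally followed by a space and the mode in parentheses, e.g. `/usr/bin/evince (enforce)`, with an unconfined peer reported as plain `unconfined` and no mode, and that the string may carry a trailing newline as `/proc/<pid>/attr/current` returns it. The function names `split_confinement_context` and `context_matches` and the sample contexts are illustrative, not libapparmor's API.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Split a confinement context of the form "label (mode)" in place.
 * Returns the label; if a mode component is present, *mode points at it
 * (without the parentheses), otherwise *mode is NULL. Trailing newlines
 * are stripped first. An empty context yields NULL.
 * Illustrative code, not libapparmor's aa_splitcon(3).
 */
char *split_confinement_context(char *con, char **mode)
{
	size_t len;
	char *open;

	if (mode)
		*mode = NULL;
	if (!con)
		return NULL;

	len = strlen(con);
	while (len > 0 && con[len - 1] == '\n')
		con[--len] = '\0';
	if (len == 0)
		return NULL;

	/* The mode, when present, is the final " (word)" group. */
	if (con[len - 1] == ')') {
		open = strrchr(con, '(');
		if (open && open > con && open[-1] == ' ') {
			con[len - 1] = '\0';	/* drop the closing ')' */
			open[-1] = '\0';	/* terminate the label before " (" */
			if (mode)
				*mode = open + 1;
		}
	}
	return con;
}

/*
 * Copy ctx into a scratch buffer, split it and compare the result with the
 * expected label and mode. want_label == NULL means "expect no label" (empty
 * context); want_mode == NULL means "expect no mode" (unconfined).
 */
int context_matches(const char *ctx, const char *want_label,
		    const char *want_mode)
{
	char buf[256];
	char *mode = NULL, *label;
	int ok;

	if (strlen(ctx) >= sizeof(buf))
		return 0;
	strcpy(buf, ctx);
	label = split_confinement_context(buf, &mode);
	if (!want_label)
		return label == NULL;
	if (!label)
		return 0;
	ok = strcmp(label, want_label) == 0;
	if (want_mode)
		ok = ok && mode && strcmp(mode, want_mode) == 0;
	else
		ok = ok && mode == NULL;
	return ok;
}

int main(void)
{
	/* Constructed sample contexts, as a bus or /proc would hand them over. */
	char enforced[] = "/usr/bin/evince (enforce)\n";
	char unconfined[] = "unconfined";
	char *mode, *label;

	label = split_confinement_context(enforced, &mode);
	printf("label=%s mode=%s\n", label, mode ? mode : "(none)");
	label = split_confinement_context(unconfined, &mode);
	printf("label=%s mode=%s\n", label, mode ? mode : "(none)");
	return 0;
}
```

The function writes NUL bytes into the buffer it is given, so a D-Bus client should copy the bytes it received from GetConnectionCredentials into a writable, NUL-terminated buffer first and never pass a string literal. A label that itself ends in a parenthesised word is ambiguous under this layout, which is one reason to prefer the library's own splitter once it is public.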